Electrum DDoS Botnet Infects over 152,000 users


In April, researchers at Malwarebytes published a report warning that cybercriminals were targeting users of the popular Electrum Bitcoin wallet.

In the attack, cybercriminals netted over 771 Bitcoins, equivalent to approximately USD $4 million at current exchange rates.

According to a new Malwarebytes blog post, the attackers have now launched a series of distributed denial-of-service (DDoS) attacks targeting the whole company, with the number of botnets used increasing day by day.

On April 24 the number of infected users was less than 100,000, and the next day it reached 152,000. The amount of stolen funds has also increased to USD $4.6 million.

Attackers started the campaign in December by tricking users into downloading a malicious version of the wallet by exploiting a flaw in the Electrum software.

To fix the issue, the developers used the same technique as the attacker by exploiting the same flaw in their software to redirect the users to download the latest patch.

In March, the developers exploited another flaw, unknown to the public, to keep vulnerable clients from connecting to bad nodes.

Attackers used this to launch distributed denial-of-service (DDoS) attacks against Electrum servers by reversing the scenario, overwhelming legitimate nodes and forcing older clients to connect to malicious nodes.

In the analysis, researchers discovered two distribution campaigns by the attackers, leveraging the RIG exploit kit and Smoke Loader to deliver botnet malware named ElectrumDoSMiner.

Researchers also discovered a previously undocumented loader called Trojan.BeamWinHTTP, which was also used to deliver ElectrumDoSMiner.

Most of the infections were located in the Asia Pacific region (APAC); in America, most bots were located in Brazil and Peru.

Map showing the presence of bots that are part of the Electrum DDoS botnet. Source: Malwarebytes

“The number of victims that are part of this botnet is constantly changing. We believe as some machines get cleaned up, new ones are getting infected and joining the others to perform DoS attacks. Malwarebytes detects and removes ElectrumDoSMiner infections on more than 2,000 endpoints daily.”
